Are Codeigniter - Active Records Vulnerable to SQL Injections?

甜味超标 2021-01-27 00:05

I just read this on Stack Overflow, and it left me wondering whether SQL injection is possible through Active Records in CI.

At most of the places in my project, for user regi

2 Answers
  •  伪装坚强ぢ
    2021-01-27 00:37

    There are 2 safety features already provided by CodeIgniter for your case.

    1. XSS filtering for your user input: the Input class has a second boolean parameter for its methods, which lets you run the input through an XSS filter in case you do not have the global XSS filter on.

    2. For SQL injections, using bound queries and Active Records is safe; it will save you from SQL injections, as the framework does all of the work of escaping vulnerable user input. There are few vulnerabilities with Active Records that are reported by users; they are, however, fixed quickly in subsequent releases by the CodeIgniter team (EllisLab).
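
As an added example (not part of the original answer and not CodeIgniter's own code), the model below contrasts a concatenated query with query binding and Active Record calls, and shows the case where automatic escaping is switched off. The class name `User_model`, the `users` table and its columns are assumptions; the code is written against the CodeIgniter 2/3 database API and runs inside the framework.

```php
<?php
// Added example: hypothetical CodeIgniter model; table and column names are assumptions.
class User_model extends CI_Model
{
    // UNSAFE: the value is concatenated into the SQL text, so the framework
    // never gets a chance to escape it.
    public function find_by_email_unsafe($email)
    {
        $sql = "SELECT id, email FROM users WHERE email = '" . $email . "'";
        return $this->db->query($sql)->row();
    }

    // Safe: query binding. Each ? is replaced with an escaped, quoted value.
    public function find_by_email_bound($email)
    {
        $sql = 'SELECT id, email FROM users WHERE email = ? AND active = ?';
        return $this->db->query($sql, array($email, 1))->row();
    }

    // Safe: Active Record escapes values passed as the second argument of where().
    public function find_by_email($email)
    {
        return $this->db->where('email', $email)->get('users')->row();
    }

    // Safe: insert() escapes every value in the data array.
    public function register($email, $password)
    {
        return $this->db->insert('users', array(
            'email'         => $email,
            'password_hash' => password_hash($password, PASSWORD_DEFAULT),
        ));
    }

    // Caveat: a hand-written condition string, or FALSE as the third argument
    // of where(), bypasses automatic escaping. Escape the value explicitly;
    // escape() also adds the surrounding quotes for string data.
    public function find_by_email_case_insensitive($email)
    {
        $condition = 'LOWER(email) = LOWER(' . $this->db->escape($email) . ')';
        return $this->db->where($condition, NULL, FALSE)->get('users')->row();
    }
}
```

When reviewing a CodeIgniter code base, the places to check are `query()` calls built by string concatenation and `where()` calls that pass a raw condition string or `FALSE` as the third argument.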
